General
-
Target
f3b72059e2de728e8e501e3ad626af45_JaffaCakes118
-
Size
378KB
-
Sample
240416-r6559sec8v
-
MD5
f3b72059e2de728e8e501e3ad626af45
-
SHA1
1af07d2d24adf92faf1bdf2357a098b3949fdbb3
-
SHA256
b1b56f177a463229c447d60683f7420530042faefc2f50077d7dd137ee40ba5d
-
SHA512
6fcc5c5e548b14705762f801f6bb30960ab7da481a7ea5f90d4f7af716046b327c401389ccd931e323b637333090f5ae765389da58b4be365ad447838a2b7a46
-
SSDEEP
6144:ohVc2rkTw3AQ0U+cUGh/ixN2r05y1FskG5btnMhoe9E:ohVcI0UXixN75cG5btn+d9
Static task
static1
Behavioral task
behavioral1
Sample
f3b72059e2de728e8e501e3ad626af45_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
cryptbot
cemfyj62.top
morota06.top
-
payload_url
http://bojitn09.top/download.php?file=lv.exe
Targets
-
-
Target
f3b72059e2de728e8e501e3ad626af45_JaffaCakes118
-
Deletes itself
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-